Commit 5ee80d2
Add OCSF DNS Activity normalization to coredns pipeline (DataDog#23726)
* Add OCSF DNS Activity normalization to coredns pipeline
Map CoreDNS query/response logs to OCSF DNS Activity [4003]. Adds OCSF
facets, a single-class sub-pipeline (no pre-transformation), and the
generated expected OCSF blocks in the test fixtures.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Align coredns OCSF facet names with cloudflare and route53
validate-logs flagged five OCSF facet path conflicts. Rename to the
canonical form used by the existing DNS integrations and add the
`type: integer` annotation expected on `ocsf.rcode_id` and
`ocsf.src_endpoint.port`.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Add facetType range to ocsf.src_endpoint.port facet
validate-logs asks for `facetType: range` on this facet path. Match the
form CI's canonical-suggestion message printed for ocsf.src_endpoint.port.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* remove redundant fallbacks
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent b4f366a commit 5ee80d2
2 files changed
Lines changed: 487 additions & 13 deletions